From 025e9ac5b4a33ffb0142612eddf3032692e38555 Mon Sep 17 00:00:00 2001
From: "Francisco Blas Izquierdo Riera (klondike)"
Date: Wed, 28 Dec 2016 12:25:05 +0100
Subject: [PATCH] Fix the logic used for --param-exclude The current logic will skip all existing parameters if no param-exclude is defined. This breaks previous behaviour, makes it harder to use the tool and is quite confusing. The new logic will always check the parameter is set before running any other checks instead of shortcircuit an empoty(always true) regexp.
---
 lib/controller/controller.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 53954397c..fd1c54743 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -470,7 +470,7 @@ def start():
 infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
 logger.info(infoMsg)
- elif re.search(conf.paramExclude or "", parameter, re.I) or kb.postHint and re.search(conf.paramExclude or "", parameter.split(' ')[-1], re.I):
+ elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)):
 testSqlInj = False
 infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
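Review bot: The inner condition on the added `elif` line still mixes `or` and `and` without grouping, so a reader has to recall that `and` binds tighter to see that `kb.postHint` only guards the second search; writing it as `re.search(conf.paramExclude, parameter, re.I) or (kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I))` makes that explicit. Because the match is an unanchored, case-insensitive `re.search`, a short pattern also excludes every parameter that merely contains it, which silently narrows test coverage; a comment such as `# unanchored, case-insensitive match: 'id' also skips 'userid'` would make that visible. Nothing in the hunk shows whether `conf.paramExclude` is validated as a regular expression earlier, so an invalid pattern may only surface here as `re.error` part-way through a run. `start()` begins and ends outside the hunk.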